Due to the incorrect usage of ``getAcl()``, unprivileged users may not
have access to events despite the ACL explicitly allowing them access.
Instead, `getActiveAcl()` should be used to evaluate the correct access
permissions for a given event.
Note that there are further, less critical issues with `getAcl()` as
mentioned on list  which will be dealt with separately with a patch